Made it so that most of the profiler functions now match the behavior of Shark. Most notably, in the
heavy view, child nodes now represent the statistics of the root node. Each root node of heavy view
displays flattened statistics for a particular function that ran during the profile, and each child
of these root nodes represents a callpath that lead to it. Thus, the statistics for each of these child
nodes should show how much of the root nodes values came from it. For example, if you had the following to
stacks take place during the profile:

A ->calls 1 times-> B ->calls 2 times-> C
D ->calls 4 times-> C

The tree for the C root node would look like this:

C -> B -> A

-> D

The number of calls values would look like this:

C (6) -> B (2) -> A(2)

-> D (4)

What this means is that "2 of the total 6 C calls came from B", "2 of the total C calls came from A", and
"4 of the total C calls came from D". Notice that the "A ->calls 2 time->" is completely ignored. This becomes
particularly tricky during recursive calls, because each child note can represent multiple possible paths. This
is the reason that we would get things like 40000% previously with recursion.

This is also the way gprof works, and as close as we can get to Shark's behavior (Shark is not instrumented so it
can't know exactly how many calls came from where, etc).

English.lproj/localizedStrings.js: Added "Average" for average times in the profile.

Changed profile.treeProfile to just profile, since these aren't generated in C++ anymore.
Removed heavy-view test since heavy-view isn't an actual tree that is generated in C++ land anymore,
but rather just a different display of the normal treeProfile in the JS data grid.

Various small fixes to YARR JIT, in preparation for enabling it by default.

Correctly index into the callframe when storing restart addresses for
nested alternatives.

Allow backtracking back into matched alternatives of parentheses.

Fix callframe offset calculation for parenthetical assertions.

When a set of parenthese are quantified with a fixed and variable portion,
and the variable portion is quantified once, this should not reset the
pattern match on failure to match (the last match from the firxed portion
should be preserved).

Up the pattern size limit to match PCRE's new limit.

Unlclosed parentheses should be reported with the message "missing )".

<rdar://problem/6808109> "Deletion UI" is not available for many
portions of HTML content

This patch makes the deletion UI show up in some new situations:
1) If a block's background color is different from its parent's
2) If a block has a background image.
3) If a block has a single visible border.
However the block must now not only be at least a minimum width and
height, but also exceed a minimum area. In practice this has led to
much better element selection.

<rdar://problem/6808109> "Deletion UI" is not available for many
portions of HTML content

This patch makes the deletion UI show up in some new situations:
1) If a block's background color is different from its parent's
2) If a block has a background image.
3) If a block has a single visible border.
However the block must now not only be at least a minimum width and
height, but also exceed a minimum area. In practice this has led to
much better element selection.

fix <rdar://problem/6081309> Mail crash when pressing down arrow in
some messages in WebCore::canHaveChildrenForEditing

Test: editing/selection/extend-by-line-anonymous-content-crash.html

editing/visible_units.cpp:
(WebCore::previousLinePosition): Null-check node. If p is not an
editable position, then closestLeafChildForXPos() may have returned a
non-editable box, and in particular one belonging to anonymous content.
If node is 0, fall back on RenderObject::positionForPoint, which
finds the closest position in non-anonymous content.
(WebCore::nextLinePosition): Ditto.

Make the Mac platform the same as all the other platforms. Instead of (incorrectly) marking a FrameView for layout
when its underlying document view changes, just mark the outermost frame view for layout when the WebView's size changes.

<rdar://problem/6791439> REGRESSION: Get an error page instead of login page navigating back in gmail

Test: http/tests/history/back-to-post.php

platform/network/cf/ResourceRequestCFNet.cpp: (WebCore::ResourceRequest::doUpdatePlatformRequest):
Apply a new cache policy if it changed after the platform request was first created.
While at it, also made sure to update timeout.

For most loads, we were consulting the navigation policy delegate twice. Once from FrameLoader before
the load started and once from MainResourceLoader in its willSendRequest callback.

In the past we tried removing MainResourceLoader's call altogether. This caused a regression where urls
that redirect to a url handled by an external application would no longer work in Safari. It probably
also broke other WebKit apps in subtle ways.

Changing MainResourceLoader to make the check only on redirects fixes both bugs. We now only call the
policy delegate once for most standard loads, but we do correctly call it a second time for redirects.

Tests: http/tests/misc/policy-delegate-called-twice.html

http/tests/misc/redirect-to-external-url.html

loader/MainResourceLoader.cpp:
(WebCore::MainResourceLoader::willSendRequest): Call the navigation policy delegate only for redirects.

With the fix for:
<rdar://problem/6786961> - "Are you sure you want to resubmit this form?" nag displays twice.
And also to make sure we never rebreak:
<rdar://problem/5689748> - Cannot redirect to protocols handled by external applications.

Add a hack to only allow navigating (via a link from a http page)
to feed: urls (same for feeds: and feedsearch:) that map to http:
or https: via their nested protocol. This includes both feed://example.com
and feed:http://example.com.

Update WebKitSystemInterface with new method that maps CFNetwork error code to localized description.

Reviewed by Darin Adler.

win/include/WebKitSystemInterface/WebKitSystemInterface.h:

win/lib/WebKitSystemInterface.lib:

win/lib/WebKitSystemInterface_debug.lib:

WebKit/win:

<rdar://problem/5115298> Don't get error msg when download is interrupted and cannot resume due to server unavailability
If we fail to get an error description back from CFNetwork, try to get the localized description
based on the error code.

Empty paragraph removal would have been handled by mergeParagraphs, but we stopped short
because of some code that avoided problems that would arise from Positions that would go
bad during deletion.

We have several checks that prevent us from using bad Positions, this one in particular
was added to avoid bad Positions that result from text removal. So, I removed the check
and started correctly updating m_downstreamEnd during text removal so that it doesn't go
bad. m_upstreamStart doesn't need to be updated during text removal, since only text
after it will ever be removed.

This is the first step of allowing drag events to match the behaviour
of mouse move events when the default action of the initial mouse down
is prevented. Remaining issue is that the final mouse up event still
targets the original root frame.

<rdar://problem/6702882> QT movie's video fails to be displayed after switching between tabs
<rdar://problem/6754957> Resizing Web browser window and hitting play will cause video blocks and artifacting

When in a media document, MediaPlayerPrivateQTKit uses a QTMovieView which may get
layer backing under some circumstances. However, drawing the view via
displayRectIgnoringOpacity:inContext: bypasses any layer setup that AppKit normally performs.
So when in the media document, we draw via displayRectIgnoringOpacity:.

platform/win/WidgetWin.cpp:
Reordered some includes. Added an include of Page.h.
(WebCore::Widget::setCursor):
Fixed a typo in the comment about ignoreNextSetCursor. Get the Page, and
call its Chrome's setCursor() method with the passed cursor. Fall back
to SetCursor() if the Page is not available.

plugins/win/PluginViewWin.cpp:
(WebCore::PluginView::handleMouseEvent):
Remove an unused variable. Cleaned up some whitespace.

WebKit/win/:

Interfaces/IWebUIDelegatePrivate.idl:
Added a function to the IWebUIDelegatePrivate5 interface.

WebCoreSupport/WebChromeClient.cpp:
(WebChromeClient::setCursor):
Try to call the UI delegate's webViewSetCursor() method. If it fails,
fall back to calling SetCursor() with the passed cursor.

WebCoreSupport/WebChromeClient.h:

WebView.cpp:
(WebViewWndProc):
Call the Chrome's setCursor() method with the last set cursor.

We need to ensure that XMLTokenizer sets the current DocLoader before calling in to
any libxml2 methods that may trigger a load. The presence of a DocLoader indicates
that the load was originated by WebCore's use of libxml2 and that we should enforce
the same-origin policy on it. XMLTokenizer::initializeParserContext,
XMLTokenizer::doWrite and XMLTokenizer::doEnd were three methods that were not setting
the current DocLoader when they should have.

The XMLTokenizerScope class is introduced to simplify the pattern of saving, setting and
restoring the current DocLoader and libxml2 error handlers. The DocLoader and error handlers
are saved and set when the scope is allocated, and restored to their previous values when
the scope is exited.

editing/CompositeEditCommand.cpp:
(WebCore::CompositeEditCommand::moveParagraphContentsToNewBlockIfNecessary): If the enclosing block is the
root editable element and it contains no visible content, create a new block but don't try and move
content into it, since there's nothing for moveParagraphs to move.

Use a larger recursion limit on the main thread (because we can, and
there's some evidence that it may improve compatibility), and a smaller
recursion limit on secondary threads (because they tend to have smaller
stacks).

interpreter/Interpreter.h:
(JSC::): Ditto. I wrote the recursion test slightly funny, so that the
common case remains a simple compare to constant.

runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncToString):
(JSC::arrayProtoFuncToLocaleString):
(JSC::arrayProtoFuncJoin): Conservatively, set the array recursion limits
to the lower, secondary thread limit. We can do something fancier if
compatibility moves us, but this seems sufficient for now.

page/Settings.cpp:
(WebCore::Settings::Settings): Initialize editing behavior to Mac-style for PLATFORM(MAC).
Later we may want to change this default to encompass other versions running on Mac.

page/Settings.h: Added EditingBehavior, setEditingBehavior, editingBehavior, and
m_editingBehavior. Also moved m_maximumDecodedImageSize out of the middle of all
the bit fields.

platform/graphics/IntPoint.h: Added a constructor to turn an IntSize into an IntPoint.
I'm not sure the distinction here is serving us well at the moment. When converting from
global to local coordinates you want to do IntPoint - IntPoint and have the result be
another IntPoint, not an IntSize. And so on.

rendering/RenderBlock.cpp:
(WebCore::positionForPointRespectingEditingBoundaries): Changed to use pointers more and
separate coordinates less.
(WebCore::RenderBlock::positionForPointWithInlineChildren): Turned into a member function.
Added separate cases to support the Mac and Windows behavior.
(WebCore::RenderBlock::positionForPoint): Updated for the change above. Also moved the
computation of pointInContents closer to the place it's used.

Fix some tests that are depending on Mac vs. Windows selection quirks accidentally.
Added failing tests to the skipped list for SnowLeopard.

editing/resources/select-all-iframe-src.html: Moved.

editing/selection/resources/select-all-iframe-src.html: Moved from
editing/resources/select-all-iframe-src.html, since this is used by a test in the
selection directory. Changed mouse coordinates to be farther to the right so we
don't depend on the rule for what's selected when you click below text on the last line.

editing/selection/select-all-iframe.html: Updated for new location of file above.

fast/events/standalone-image-drag-to-editable.html: Changed mouse coordinates to be
farther to the right so we don't depend on the rule for what's selected when you click
below text on the last line.

platform/mac-snowleopard/Skipped: Added some tests to the Skipped list.

svg/custom/pointer-events-path.svg: Clear the selection at the end of the test so it's
not in the test results. Also removed unneeded use of the layout test controller.

​https://bugs.webkit.org/show_bug.cgi?id=19644
Text copied with Select All pastes with a indent but shouldn't
<rdar://problem/6102483>
Pasting the content of an HTML message in Mail causes addition nested <div> elements to be added

To improve selectall/copy/paste fidelity of certain pages, we began wrapping copied content with
a div that held properties and attributes from the fully selected body. To fix the above issues,
only do this if if the body has certain properties or attributes. We'll begin adding to this list as
necessary. For now it's just background colors and images. Tested copy/paste of nytimes, wired,
arstechnica, and several others.

​https://bugs.webkit.org/show_bug.cgi?id=19644
Text copied with Select All pastes with a indent but shouldn't
<rdar://problem/6102483>
Pasting the content of an HTML message in Mail causes addition nested <div> elements to be added

​https://bugs.webkit.org/show_bug.cgi?id=25250
Allow platforms to snap the scroll thumb back to the drag origin
during a drag. Implement functions for Safari/Win and Chromium/Win
to do this snapping at distances approximating the native ones.

Rename JavaScriptCore_debug.dll to JavaScriptCore.dll in the Debug
configuration

This matches the naming scheme for WebKit.dll, and will be necessary
once Safari links against JavaScriptCore.dll. This change also causes
run-safari not to fail (because the launcher printed by FindSafari was
always looking for JavaScriptCore.dll, never
JavaScriptCore_debug.dll).

Rename JavaScriptCore_debug.dll to JavaScriptCore.dll in the Debug
configuration

This matches the naming scheme for WebKit.dll, and will be necessary
once Safari links against JavaScriptCore.dll. This change also causes
run-safari not to fail (because the launcher printed by FindSafari was
always looking for JavaScriptCore.dll, never
JavaScriptCore_debug.dll).

WebKit.vcproj/WebKit.vcproj: Use $(WebKitDLLConfigSuffix) for naming
JavaScriptCore.{dll,lib}.

WebKitTools:

Rename JavaScriptCore_debug.dll to JavaScriptCore.dll in the Debug
configuration

This matches the naming scheme for WebKit.dll, and will be necessary
once Safari links against JavaScriptCore.dll. This change also causes
run-safari not to fail (because the launcher printed by FindSafari was
always looking for JavaScriptCore.dll, never
JavaScriptCore_debug.dll).

-[NSScrollView scrollWheel:] runs a nested event-tracking run loop
in a mode that allows WebCore timers to fire and NSURLConnection
callbacks to be dispatched, which can release the NSScrollView and
cause it to be deallocated (one example is a DOM timer callback that
removes a subframe from the document). This leads to a crash in
-scrollView:.

The fix is to replace the implementation of -[NSScrollView scrollWheel:]
with one that optionally retains the receiver for the duration of the
call.

page/mac/EventHandlerMac.mm:
(WebCore::nsScrollViewScrollWheelShouldRetainSelf): Added.
(WebCore::setNSScrollViewScrollWheelShouldRetainSelf): Added. Replaces
the implementation of -[NSScrollView scrollWheel:] with the
self-retaining one, and sets a static boolean that tells it whether to
retain the receiver around the call to the original implementation.
(WebCore::selfRetainingNSScrollViewScrollWheel): Added. If
setNSScrollViewScrollWheelShouldRetainSelf(true) was called and this
function is executing on the main thread, it retains the NSScrollView,
invokes the original -[NSScrollView scrollWheel:], then releases the
view. Otherwise it just calls through to the original implementation.
(WebCore::EventHandler::passWheelEventToWidget): Added calls to
setNSScrollViewScrollWheelShouldRetainSelf() around the call to
-scrollWheel:.

bindings/js/JSSVGElementInstanceCustom.cpp:
(WebCore::JSSVGElementInstance::mark): Don't ASSERT that an ElementInstance's
correspondingElement has a JS wrapper. If a GC falls exactly between the
allocation of the ElementInstance wrapper and the correspondingElement
wrapper, the correspondingElement won't have a wrapper at the time we
mark the ElementInstance's wrapper.

First part of <rdar://6395825> It takes over 20 sec to launch Safari with 500KB history file

This ports the changes that were made to WebKit/mac's WebHistory
implementation in r25275 to WebKit/win. WebHistory now stores a
HashMap from CFAbsoluteTime (stored as int64_t) to CFArray of
IWebHistoryItem*. The HashMap lets us look up the CFArray for a
particular day's history in constant time rather than linear time. The
precise reasons why we store the CFAbsoluteTime as an int64_t are lost
to the mists of time, but it is likely because these CFAbsoluteTimes
never have a decimal part, and integer comparisons are faster than
floating-point comparisons, so storing them as int64_t should improve
performance without losing precision. We also now use a binary search
instead of a linear search when determining the index at which to
insert a WebHistoryItem into its day's CFArray.

This patch reduces the time needed to load a 100,000-item
History.plist from ~15 seconds to ~7.5 seconds. Further improvements
could likely be made by reducing the number of string conversions,
reducing calls to CFTimeZone functions, and removing all the
WebHistoryItemsAdded notifications that are sent (Mac doesn't send any
while loading history).

Reviewed by Darin Adler.

WebHistory.cpp:
(WebHistoryWriter::WebHistoryWriter): Changed to take a
DateToEntriesMap instead of a CFArrayRef. Initialize m_dateKeys to
contain the keys from m_entriesByDate in ascending order.
(WebHistoryWriter::writeHistoryItems): Now loops through m_dateKeys in
reverse order and gets the entries array from the DateToEntriesMap.
(WebHistory::WebHistory): Removed code to initialize
m_datesWithEntries (which has been removed) and m_entriesByDate (which
has been converted to a HashMap).
(WebHistory::removeAllItems): Clear out m_entriesByDate and
m_orderedLastVisitedDays.
(WebHistory::orderedLastVisitedDays): If we don't already have a
cached m_orderedLastVisitedDays array, create one by converting the
keys from m_entriesByDate to DATEs and sorting them in descending
order. Then copy m_orderedLastVisitedDays to the output buffer.
(WebHistory::orderedItemsLastVisitedOnDay): Updated to use findKey
instead of findIndex and to treat m_entriesByDate as a HashMap.
Now that the items in each day's CFArray are stored in descending
order (newest to oldest), we don't have to reverse them when filling
in the output buffer. (The old comment about putting the items in
oldest-to-newest order was incorrect -- it was putting them in
newest-to-oldest order.)

(WebHistory::addItemToDateCaches):
(WebHistory::removeItemFromDateCaches):
Changed to use findKey instead of findIndex and to treat
m_entriesByDate as a HashMap. If we're adding a key to or removing a
key from m_entriesByDate, also clear m_orderedLastVisitedDays so that
we will regenerate it for the current set of keys the next time it is
needed.

(timeIntervalForBeginningOfDay): Added. Returns the CFAbsoluteTime
that corresponds to the beginning of the day in which the passed-in
DATE occurs.
(WebHistory::findKey): Returns the key used in m_entriesByDate to
store the CFArray that should contain the IWebHistoryItem that
corresponds to the passed-in DATE. Replaces findIndex.
(WebHistory::insertItem): Changed to treat m_entriesByDate as a
HashMap rather than a CFArray. We now optimize for inserting at the
beginning and end of the array, and use a binary rather than linear
search when inserting into the middle of the array.
(WebHistory::data): Changed to treat m_entriesByDate as a HashMap.

platform/graphics/SimpleFontData.cpp: Remove "String.h" include. Ojan probably intended to include
"PlatformString.h" which was unnecessary because it is pulled in through other headers. This wasn't a
build failure on case-insensitive file systems because those systems would find the system <string.h>, averting
the warning.

bindings/js/JSEventListener.h:
(WebCore::JSEventListener::isInline): Merged JSAbstractEventListener
into JSEventListener. Now that the only difference between JSEventListener
and JSLazyEventListener is that JSLazyEventListener compiles lazily,
there's no need for an abstract base class.

bindings/js/JSLazyEventListener.cpp: Converted JSLazyEventListener to
inherit from JSEventListener and match its un-GC-protected behavior.
(WebCore::JSLazyEventListener::JSLazyEventListener): ditto
(WebCore::JSLazyEventListener::parseCode): ditto
(WebCore::createInlineEventListener): When creating a lazy event listener,
ensure that the related node has a JS wrapper to mark the listener. Since
the parser makes these listeners, it's possible that no JS reference has
been made to the node yet.

Those values for textarea and inputs were derived by doing a ton of manual
testing of IE's width values for various textareas and fonts.

To get the average and max character width of a font, we do the following
for each platform:
-Win: TextMetrics expose avgCharWidth and maxCharWidth
-SVG: avgCharWidth = width of an '0', fallback on width of a space glyph, then m_xHeight

maxCharWidth = width of a 'W' for roman fonts, fallback on m_ascent

-Linux: avgCharWidth = width of an '0', fallback on m_xHeight

maxCharWidth = max of avgCharWidth and m_ascent

-Mac: look in the OS/2 table for avgCharWidth and grab the maxCharWidth off the font.

If either one is not there, then calculate the value using the Linux approach.

Linux ports could probably dig into the OS/2 table as well, but I'll leave
that up to them to implement.

outlineBoundsForRepaint() should compute a quad relative to the
repaintContainer. This fixes the repaint issues originally fixed in​https://bugs.webkit.org/show_bug.cgi?id=12885 for elements in compositing layers.
Failure was only apparent when building with ACCELERATED_COMPOSITING enabled.

fix <rdar://problem/6734365> REGRESSION eBay "Save this search" link
does nothing the second time search results are opened

Test: fast/dom/HTMLScriptElement/nested-execution.html

Instead of executing scripts as soon as they finish loading, which may
happen synchronously during execution of another script, defer their
execution until the next run loop iteration, using a queue that is
similar to the HTML5 notion of the "list of scripts that will execute as
soon as possible", and in my testing was consistent with how Firefox
behaved.

dom/ScriptElement.cpp:
(WebCore::ScriptElementData::ScriptElementData): Initialize m_requested.
(WebCore::ScriptElementData::requestScript): Set m_requested to true, to
prevent further load requests.
(WebCore::ScriptElementData::execute): Added. Moved the code from
notifyFinished() which should not execute synchronously here, to be
called by the Document on a 0-interval timer.
(WebCore::ScriptElementData::notifyFinished): Moved the code to
dispatch events and evaluate the script, which should not execute
synchronously, out of here.
(WebCore::ScriptElementData::ignoresLoadRequest): Changed to test for
m_requested instead of m_cachedScript, because the latter is cleared
before the script is evaluated.

dom/ScriptElement.h:

LayoutTests:

Reviewed by Mark Rowe.

test and updated tests for <rdar://problem/6734365> eBay "Save this
search" link does nothing the second time search results are opened

When we fail to decode an image we clear most of the image data, but not the
input data itself, which can be backed by a CFData object that itself holds onto
a few hundred Kbs of memory. This patch merely ensures that this buffer gets
cleared.

Add hoooks so sudden termination will not cause loss of icons or local storage.
rdar://problem/5951701

loader/icon/IconDatabase.cpp: Marked various constants static to give them
internal linkage.
(WebCore::IconDatabase::IconDatabase): Added initial value for m_syncTimer.
Removed unneeded initial value for m_defaultIconRecord. Changed assertion to
work cross-platform.
(WebCore::IconDatabase::wakeSyncThread): Added disableSuddenTermination, so
we won't terminate until the sync thread has done its thing.
(WebCore::IconDatabase::scheduleOrDeferSyncTimer): Added disableSuddenTermination,
so we won't terminate if we have an outstanding sync timer.
(WebCore::IconDatabase::syncTimerFired): Added enableSuddenTermination, to
balance the one in scheduleOrDeferSyncTimer.
(WebCore::IconDatabase::syncThreadMainLoop): Added enableSuddenTermination, to
balance the one in wakeSyncThread.
(WebCore::IconDatabase::deleteAllPreparedStatements): Use clear() instead of set(0).

loader/icon/IconDatabase.h: Use a Timer instead of an OwnPtr<Timer>.

storage/LocalStorageArea.cpp:
(WebCore::LocalStorageArea::scheduleFinalSync): Added disableSuddenTermination.
(WebCore::LocalStorageArea::scheduleItemForSync): Ditto.
(WebCore::LocalStorageArea::scheduleClear): Ditto.
(WebCore::LocalStorageArea::syncTimerFired): Added a disableSuddenTermination if
we schedule a performSync callback for later and an unconditional
enableSuddenTermination to balance the ones in the schedule calls above.
(WebCore::LocalStorageArea::sync): Factored out the work of the sync function so it
can continue to use early return idiom.
(WebCore::LocalStorageArea::performSync): Added a call to enableSuddenTermination.

Removed a little more complexity from event handler creation and destruction.

Removed the jsProtectedEventListeners, jsProtectedInlineEventListeners,
and jsInlineEventListeners maps, and all the code for managing them.

ProtectedEventListeners don't exist anymore, so they're easy to nix.

Inline EventListeners do still exist, but there's no reason to track
them in a map. The map exists to enable 'removeEventListener' to associate
a unique JSEventListener with a given JavaScript function. But the
'removeEventListener' API only works with non-inline event listeners!